[cryptography] [liberationtech] Random number generator failure in Raspberry Pis?
dj at deadhat.com
Fri Jul 19 21:27:40 EDT 2013
On 7/19/2013 10:13 AM, Mahrud S wrote:
> Isn't the thermal noise a good enough entropy source? I mean, it's a
> $25 computer, you can't expect much of it.

Directly sampled thermal noise entropy sources have proven:

1) Difficult to model mathematically to determine safe value for min
2) Difficult to determine will work constantly across all environmental
conditions and the lifetime of the device
3) Difficult to self test in circuit

Three independent sources is a lot more convenient because you can then
use a 3 input extractor such as the BIW 3 input extractor which is
beautifully simple in HW and permits constant time implementations in
SW. However it does require that you know the min entropy in order to
know the min entropy of the resulting number. It's good for toy noise
sources because you can assume a really low min-entropy, iterate a few
times and have a good result.

It's the difference between 'It looks random to me' and 'I know and
understand the basis on which I believe this to be random'.

Binary process noise samplers are much easier to model, test and build,
which is why we went that way for Intel chips. The RNG only takes a tiny
sliver of silicon. You might as well get it right.
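
The three-input extractor mentioned in the message above, as an added example that is not part of the original post and not the author's code: the Barak-Impagliazzo-Wigderson (BIW) construction computes a*b + c in a finite field. The field GF(2^7), the reduction polynomial x^7 + x + 1, the sample data and all function names are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GF_BITS 7u     /* assumed field GF(2^7); 7 is prime, so no intermediate subfields */
#define GF_MASK 0x7Fu
#define GF_POLY 0x03u  /* x^7 = x + 1 under the reduction polynomial x^7 + x + 1 */

/* Multiply in GF(2^7): fixed 7 rounds, masks instead of ifs, no table lookups. */
static uint8_t gf_mul(uint8_t a, uint8_t b)
{
    uint8_t acc = 0;
    a &= GF_MASK;
    b &= GF_MASK;
    for (unsigned i = 0; i < GF_BITS; i++) {
        uint8_t take  = (uint8_t)(0u - (b & 1u));         /* 0x00 or 0xFF */
        uint8_t carry = (uint8_t)(0u - ((a >> 6) & 1u));  /* top bit of a */
        acc ^= (uint8_t)(a & take);
        a = (uint8_t)(((a << 1) & GF_MASK) ^ (GF_POLY & carry));
        b >>= 1;
    }
    return acc;
}

/* One 7-bit output from one 7-bit sample of each source: a*b + c. */
static uint8_t biw_extract(uint8_t a, uint8_t b, uint8_t c)
{
    return (uint8_t)(gf_mul(a, b) ^ (c & GF_MASK));
}

/* Extract n symbols; a, b and c must come from three independent sources. */
static void biw_extract_buf(const uint8_t *a, const uint8_t *b,
                            const uint8_t *c, uint8_t *out, size_t n)
{
    for (size_t i = 0; i < n; i++)
        out[i] = biw_extract(a[i], b[i], c[i]);
}

int main(void)
{
    /* Constructed samples standing in for three independent noise sources. */
    const uint8_t a[] = {0x02, 0x40, 0x03, 0x55}, b[] = {0x40, 0x40, 0x03, 0x01};
    const uint8_t c[] = {0x00, 0x60, 0x7F, 0x2A};
    uint8_t out[4];
    biw_extract_buf(a, b, c, out, 4);
    printf("%02x %02x %02x %02x\n", out[0], out[1], out[2], out[3]);
    return 0;
}
```

The code cannot measure the min-entropy of its inputs; as the message says, that figure has to be known (or conservatively assumed) to state the min-entropy of the output.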